Skip to main content

Data protection policy

[The English translation of the privacy policy is a non-binding service. The German data protection declaration is legally binding.]

 

Part I gives you general information about the processing of your personal data by us when you visit and use our website, as well as information about the rights you have as a person affected by the processing.

Under Part II we inform you about which cookie is used on the website.

Part III provides information on how we process your data outside the website.

Part IV provides you with information on when you can object to the processing of your data by us.

 

Part I: General data protection information

Name and contact details of the person in charge

Deutsche Krankenhaus TrustCenter und Informationsverarbeitung GmbH (DKTIG)

Humboldtstraße 9
04105 Leipzig
E-Mail:     mail@dktig.de
Telefon:   +49 (0) 341 - 308951-0
Telefax:    +49 (0) 341 - 308951-25

Managing Director:

Dipl. Kfm (FH) Rene Schubert

Board of Directors:

Dr. Stephan Helm (Chairman), Managing Director Krankenhausgesellschaft Sachsen e. V.
Georg Baum (Deputy Chairman), Chief Managing Director Deutsche Krankenhausgesellschaft e. V.
Ingo Morell, Managing Director Gemeinnützige Gesellschaft der Franziskanerinnen zu Olpe mbH (GFO)
Marc Schreiner, LL.M., Managing Director Berliner Krankenhausgesellschaft e.V.
Uwe Zimmer, Managing Director Krankenhausgesellschaft der Freien und Hansestadt Bremen e.V.

Contact details of the data protection officer

Jan Marschner, LL.M.

Lawyer | Data protection officer
Markt 9
04109 LeipzigE-Mail:     jm@datenschutzbeauftragter-leipzig.de
Telefon:   +49 (0) 341 – 2618 9373

 

Provision of the website and creation of log files

Whenever our website is called up, our system automatically collects data and information from the computer system of the calling computer. The following data is collected:

  • Information about the browser type and version used
  • The user's operating system
  • The Internet service provider of the user
  • The IP address of the user
  • Date and time of access
  • Websites from which the user's system reaches our website
  • Websites that are accessed by the user's system via our website

The data is stored in log files at our technical service provider, InterNetX GmbH, Johanna-Dachs-Str. 55, 93055 Regensburg, Germany.  The legal basis for the temporary storage of data is Art. 6 para. 1 letter f DS-GVO. The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f DS-GVO.

The above-mentioned data is stored in the log files to ensure the functionality of our website. In addition, this data serves us to optimise the website and to ensure the security of our information technology systems (e.g. attack detection). These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 Para. 1 letter f DS-GVO.

The data is deleted as soon as it is no longer required for the purpose for which it was collected. In the case of the collection of data for the purpose of providing the website, this is the case when the respective session has ended. Log files are stored for a maximum of 14 days.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. There is therefore no possibility of objection on the part of the user.

Contact form

On our website there is a contact form which can be used for electronic contact. If a user takes advantage of this possibility, the data entered in the input mask is transmitted to us and stored. At the time the message is sent, the user's IP address and the date and time of contact form use are also stored.

Insofar as the contact is established within the framework of the initiation or execution of a contract, the legal basis is Art. 6 Para. 1 S. 1 lit. b DS-GVO. If the contact serves other purposes, the legal basis is Art. 6 Para. 1 sentence 1 lit. f DS-GVO. Processing is carried out for the purpose of carrying out the communication. This also represents our legitimate interest.

The storage of the user's IP address and the date and time of contact form use serves to ensure the security of our information technology systems (e.g. attack detection). These purposes also represent our legitimate interest in data processing in accordance with Art. 6 Para. 1 lit. f DS-GVO.

The recipient of the data is technically necessary our service provider impressum health & service communication oHG, Hohe Brücke 1, 20459 Hamburg.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be concluded from the circumstances that the matter in question has been finally clarified. However, this does not affect storage periods (e.g. commercial and tax law storage obligations according to § 257 of the German Commercial Code and § 147 of the German Fiscal Code), which we are legally obliged to observe. The legal basis for this storage is Art. 6 para. 1 letter c DS-GVO. After expiry of these retention periods, this data will be deleted.

Any personal data additionally collected during the sending process will be deleted after a period of 30 days at the latest.

Google Analytics

In order to be able to optimally adjust our website to your interests, we use Google Analytics, a web analysis service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin (hereinafter referred to as "Google"). In Google Analytics, interactions of the user of our website are primarily recorded and systematically evaluated by means of "cookies". If individual pages of our website are called up, the following data are stored:

  • three bytes of the IP address of the calling system of the user (anonymous IP address)
  • the website accessed
  • the website from which the user has reached the page called up on our website (referrer)
  • the subpages that are called from the called page
  • the frequency of visits to the website

The legal basis for the processing of Google Analytics is Art. 6 (1) sentence 1 lit. a DS-GVO. Google Analytics is only activated when you have agreed to the use of tracking cookies.

The data stored by tracking is deleted as soon as it is no longer required for our recording purposes. In our case this is the case after 26 months.

You can revoke your consent to the use of tracking cookies within the cookie settings. In addition, you can use a browser add-on to deactivate Google Analytics JavaScript (ga.js, analyticsjs, dc.ja) to prevent Google Analytics from using your aforementioned data. If you want to deactivate Google Analytics, you can download and install the add-on for your own browser. The add-on for deactivating Google Analytics is compatible with the current versions of Chrome, Internet Explorer, Safari, Firefox and Opera. For the add-on to work, it must be loaded and executed correctly in the browser. You can find more information under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

Google is exclusively responsible for this data processing. You can find information under https://policies.google.com/privacy

Google Fonts

We use so-called web fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and attractive presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 Para. 1 S. 1 lit. f) DS-GVO. We have no knowledge of the storage period at Google and have no possibility of influencing it.

You can object to the processing by changing the browser settings so that the browser does not support web fonts - in which case, however, a standard font is used by your computer. Google is responsible for further data processing. You can find further information on how Google handles your data by clicking on the following links:

https://developers.google.com/fonts/faq and
https://policies.google.com/privacy.

Gstatic

On our website a web service of the company Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland (hereinafter: Gstatic) is loaded.

We use this data to ensure the full functionality of our website. In this context, your browser may transmit personal data to Gstatic.

Legal basis for the data processing is Art. 6 Abs. 1 lit. f DS-GVO. The legitimate interest consists in an error-free function of the website. Further information on the handling of the transferred data can be found in the privacy policy of Gstatic: https://policies.google.com/privacy

You can prevent the collection and processing of your data by Gstatic by deactivating the execution of script code in your browser or by installing a script blocker in your browser.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter: "reCAPTCHA") on our website. The provider of the service is Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin (hereinafter: "Google").

The purpose of reCAPTCHA is to check whether the data entry in the contact form of the website is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the user accesses the website. For analysis purposes, reCAPTCHA evaluates various information (e.g. IP address, time spent on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run completely in the background. You will not be informed that an analysis is taking place.

The processing is based on Art. 6 para. 1 sentence 1 lit. f) DS-GVO. We have a legitimate interest in protecting our web offers from abusive automated spying and from unsolicited e-mail advertising (SPAM).

Google is responsible for further data processing. For further information about Google reCAPTCHA and the handling of your data by Google please refer to the following links:

https://policies.google.com/privacy and

https://developers.google.com/recaptcha/

Google Maps

We bind the maps of the "Google Maps" service of Google Ireland Limited, Gordon House, Barrow Street, Dublin, D04 E5W5, Dublin (hereinafter "Google"). In order to make the map material available, technically necessary data will be processed by Google for this purpose.

The integration of Google Maps is necessary for the demand-oriented design of our website. This is also in our interest in data processing in accordance with Art. 6 Para. 1 Letter f DS-GVO.

Google is responsible for further data processing. You can find further information on the handling of your data at: https://policies.google.com/privacy and https://developers.google.com/fonts/faq

Rights of the user concerned

In accordance with Article 15 of the DS-GVO, you have the right to obtain information about the data stored about you. Should incorrect personal data have been processed, you have the right to have it corrected in accordance with Art. 16 DS-GVO.

If the legal requirements are met, you can request the deletion or restriction of processing, as well as object to data processing (Art. 17, 18 and 21 DS-GVO). Under Art. 20 DS-GVO, you can assert the right to data transferability in the case of data which is processed automatically on the basis of your consent or a contract with you.

If you believe that data processing violates data protection law, you have the right to complain to a data protection supervisory authority of your choice (Art. 77 DS-GVO in conjunction with Section 19 BDSG). This also includes the data protection supervisory authority responsible for us: Sächsischer Datenschutzbeauftragter, https://www.saechsdsb.de

 

Part II: Cookies

When you access the website, an information window appears on the cookies used on the website. This service is technically implemented in cooperation with the company Cybot, Havnegade 39, 1058 Copenhagen, Denmark.

The cookie window offers the user the possibility to decide whether only the technically necessary cookies or additional cookies may be set. The user can use the pop-up element "Show details" to obtain detailed information about all cookies used on the website before making his decision. This information is automatically updated when changes are made to the website.

The website uses cookies to personalize content and advertisements, to offer social media functions and to analyze the access to the website. In addition, information about the use of the website is passed on to our social media, advertising and analysis partners. Our partners may combine this information with other information that you have provided to them or that they have collected as part of your use of the services.

.

Part III: Data processing outside the website

Customer database

When we receive contact information from business partners, we store it in our CRM database for communication purposes. If the business partner has given us permission to do so and to contact him, the legal basis is Art. 6 Para. a DS-GVO. If the purpose of the contact is to prepare, establish or implement a contract, the legal basis is also Art. 6 Para. letter b DS-GVO.

Consent which may have been granted may be revoked at any time without affecting the lawfulness of the processing carried out on the basis of the consent until revocation. We will simultaneously delete the data of the business partner. The data will also be deleted as soon as they are no longer required for the purpose of their collection. This is the case if the business partner is no longer interested in receiving further information from us.

Communication in general, especially by e-mail

We process your personal data on the basis of Art. 6 para. 1 sentence 1 letter b DS-GVO. The processing serves the execution of our contracts or pre-contractual measures with you and the execution of your order, as well as all activities in our company necessary for this. The respective details regarding the purpose of the data processing can be found in the respective contract documents and terms and conditions. We also process the personal data transmitted to us in the course of contacting you. The legal basis is Art. 6 para. 1 p. 1 letter f DS-GVO. This is permissible insofar as the processing is necessary to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms outweigh the protection of personal data. Such a legitimate interest exists in the assertion of legal claims and defence in the event of legal disputes, in the execution of payment processing via external service providers, in the guarantee of IT security and the IT operation of the company and in direct advertising. In addition, we process personal data in accordance with Art. 6 para. 1 letter c DS-GVO, insofar as this is necessary for the fulfilment of legal obligations to which we are subject as a company. The purposes of processing include, for example, commercial and tax law obligations to retain data in accordance with § 257 of the German Commercial Code (HGB) and § 147 of the German Fiscal Code (AO).

If you contact us by e-mail, e-mail log files are additionally created by our e-mail provider, axilaris GmbH, Moritzstraße 24, 09111 Chemnitz, Germany, and stored with the e-mail header information for maximum 30 days. We ourselves have no access to these files. The legal basis is Art. 6 para. 1 lit. f DS-GVO. The legitimate interest lies in the defence against illegal e-mails and the prosecution of legal action. There is no possibility of objection in this respect.

Within the company, access to your data is granted to those departments that require it to fulfil their contractual and legal obligations. Order processors employed by us (Art. 28 DS-GVO) may also receive data for these purposes. These are companies in the categories IT services, logistics, debt collection and sales and marketing. In exceptional cases, recipients of your data may also be holders of professional secrecy (tax consultants, auditors, lawyers) and authorities.

If necessary, we process and store your personal data for the duration of the business relationship. This also includes the initiation and execution of the contract. We also store your personal data for the duration of the existence of warranty and guarantee claims. Furthermore, we store your personal data to the extent that we are legally obliged to do so. Corresponding proof and storage obligations arise in particular from commercial and tax law reasons in accordance with § 257 of the German Commercial Code (HGB) and § 247 of the German Fiscal Code (AO).

The processing of personal data is necessary for communication as well as for the establishment and execution of the contract. Without the provision of your personal data, we usually have to refuse the conclusion of the contract or are no longer able to execute an existing contract or have to terminate it.

Data protection information for applicants

We process the data that you have sent us in connection with your application in order to be able to assess the establishment of an employment relationship. The legal basis is Art. 6 para. 1 sentence 1 letter b DS-GVO and § 26 BDSG. If you have given us your consent to process your data for inclusion in our pool of applicants, the lawfulness of this processing is based on your consent (Art. 6 para. 1 sentence 1 letter a DS-GVO). Consent that has been granted can be revoked at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

In addition to the application procedure, we process personal data in accordance with Art. 6 Paragraph 1 S. 1 Letter f DS-GVO. This is permissible insofar as the processing is necessary to safeguard our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms outweigh the protection of personal data. Such a legitimate interest exists in the assertion of legal claims and defence in legal disputes. In addition, we process personal data in accordance with Art. 6 Para. 1 Letter c DS-GVO, insofar as this is necessary for the fulfilment of legal obligations to which we are subject as a company.

Within the company, access to your data is granted to those departments that need it to fulfil the contractual and legal obligations of the company. Contract processors employed by us (Art. 28 DS-GVO) may also receive data for these purposes. These are companies in the IT services and consulting categories.

If no employment relationship is established, the personal data will be deleted within 6 months of the application procedure being completed. If an employment relationship is established, your application will become part of your personnel file.

In the event that you have agreed to further storage of your personal data in our applicant pool, we will take over your data and delete it after two years at the latest.

 

Part IV: Information on your right of objection under Art. 21 DS-GVO

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data relating to you, which is carried out on the basis of Article 6 paragraph 1 letter f of the DPA (data processing based on a balancing of interests). If you lodge an objection, we will no longer process your personal data, unless we can demonstrate compelling reasons for processing that are worthy of protection and outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

In individual cases we process your personal data for the purpose of direct marketing. You have the right to object at any time to the processing of data concerning you for the purpose of such advertising. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made without any formality and should be addressed, if possible, to the contact details given above under the heading "Name and contact details of the person responsible".